@liflig/cdk 2.18.5 → 2.18.7

package/lib/kinesis/index.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KinesisToDatadogStream = void 0;
+var kinesis_to_datadog_stream_1 = require("./kinesis-to-datadog-stream");
+Object.defineProperty(exports, "KinesisToDatadogStream", { enumerable: true, get: function () { return kinesis_to_datadog_stream_1.KinesisToDatadogStream; } });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMva2luZXNpcy9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSx5RUFHb0M7QUFGbEMsbUlBQUEsc0JBQXNCLE9BQUEiLCJzb3VyY2VzQ29udGVudCI6WyJleHBvcnQge1xuICBLaW5lc2lzVG9EYXRhZG9nU3RyZWFtLFxuICBLaW5lc2lzVG9EYXRhZG9nU3RyZWFtUHJvcHMsXG59IGZyb20gXCIuL2tpbmVzaXMtdG8tZGF0YWRvZy1zdHJlYW1cIlxuIl19

package/lib/kinesis/kinesis-to-datadog-stream.d.ts

@@ -0,0 +1,28 @@
+import * as constructs from "constructs";
+import * as logs from "aws-cdk-lib/aws-logs";
+export interface KinesisToDatadogStreamProps {
+    /**
+     *
+     * The name of the SecretsManager secret where your Datadog API key is saved.
+     *
+     * The secret must be a JSON object on the format { "value": "SECRET" }
+     *
+     */
+    datadogApiKeySecretName: string;
+    /**
+     *
+     * The CloudWatch log groups from you are streaming to Datadog
+     *
+     */
+    logGroups: logs.ILogGroup[];
+}
+/**
+ *
+ * Forwards logs from log-groups in CloudWatch to a Datadog account.
+ * The logs are delivered through a Firehose delivery stream, which is being subscribed to the log-groups in CloudWatch.
+ *
+ * @author Stein-Aage
+ */
+export declare class KinesisToDatadogStream extends constructs.Construct {
+    constructor(scope: constructs.Construct, id: string, props: KinesisToDatadogStreamProps);
+}

package/lib/kinesis/kinesis-to-datadog-stream.js

@@ -0,0 +1,126 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KinesisToDatadogStream = void 0;
+const constructs = require("constructs");
+const iam = require("aws-cdk-lib/aws-iam");
+const firehose = require("aws-cdk-lib/aws-kinesisfirehose");
+const logs = require("aws-cdk-lib/aws-logs");
+const s3 = require("aws-cdk-lib/aws-s3");
+const aws_s3_1 = require("aws-cdk-lib/aws-s3");
+const secretsmanager = require("aws-cdk-lib/aws-secretsmanager");
+const cdk = require("aws-cdk-lib");
+/**
+ *
+ * Forwards logs from log-groups in CloudWatch to a Datadog account.
+ * The logs are delivered through a Firehose delivery stream, which is being subscribed to the log-groups in CloudWatch.
+ *
+ * @author Stein-Aage
+ */
+class KinesisToDatadogStream extends constructs.Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        const deliveryStreamLogGroup = new logs.LogGroup(this, "DeliveryStreamLogGroup");
+        const deliveryStreamLogStream = new logs.LogStream(this, "DeliveryStreamLogStream", {
+            logGroup: deliveryStreamLogGroup,
+        });
+        const failedDataBucket = new s3.Bucket(this, "FailedDataBucket", {
+            blockPublicAccess: aws_s3_1.BlockPublicAccess.BLOCK_ALL,
+        });
+        const cloudWatchLogsRole = new iam.Role(this, "CloudWatchLogsRole", {
+            assumedBy: new iam.ServicePrincipal(`logs.${cdk.Stack.of(this).region}.amazonaws.com`),
+        });
+        const firehoseLogsRole = new iam.Role(this, "FirehoseLogsRole", {
+            assumedBy: new iam.ServicePrincipal("firehose.amazonaws.com"),
+        });
+        const datadogDeliveryStream = new firehose.CfnDeliveryStream(this, "DeliveryStream", {
+            deliveryStreamType: "DirectPut",
+            httpEndpointDestinationConfiguration: {
+                roleArn: firehoseLogsRole.roleArn,
+                endpointConfiguration: {
+                    url: "https://aws-kinesis-http-intake.logs.datadoghq.eu/v1/input",
+                    accessKey: secretsmanager.Secret.fromSecretNameV2(scope, "DatadogApiKey", props.datadogApiKeySecretName)
+                        .secretValueFromJson("value")
+                        .toString(),
+                    name: "datadog-logs-endpoint",
+                },
+                requestConfiguration: {
+                    contentEncoding: "GZIP",
+                },
+                cloudWatchLoggingOptions: {
+                    enabled: true,
+                    logGroupName: deliveryStreamLogGroup.logGroupName,
+                    logStreamName: deliveryStreamLogStream.logStreamName,
+                },
+                bufferingHints: {
+                    intervalInSeconds: 60,
+                    sizeInMBs: 4,
+                },
+                retryOptions: {
+                    durationInSeconds: 60,
+                },
+                s3BackupMode: "FailedDataOnly",
+                s3Configuration: {
+                    bucketArn: failedDataBucket.bucketArn,
+                    compressionFormat: "UNCOMPRESSED",
+                    roleArn: firehoseLogsRole.roleArn,
+                },
+            },
+        });
+        new iam.Policy(this, "CloudWatchLogsPolicy", {
+            document: new iam.PolicyDocument({
+                statements: [
+                    new iam.PolicyStatement({
+                        actions: ["firehose:PutRecord", "firehose:PutRecordBatch"],
+                        resources: [datadogDeliveryStream.attrArn],
+                    }),
+                ],
+            }),
+            roles: [cloudWatchLogsRole],
+        });
+        new iam.Policy(this, "FirehoseLogsPolicy", {
+            document: new iam.PolicyDocument({
+                statements: [
+                    new iam.PolicyStatement({
+                        actions: [
+                            "s3:AbortMultipartUpload",
+                            "s3:GetBucketLocation",
+                            "s3:GetObject",
+                            "s3:ListBucket",
+                            "s3:ListBucketMultipartUploads",
+                            "s3:PutObject",
+                        ],
+                        resources: [
+                            failedDataBucket.bucketArn,
+                            `${failedDataBucket.bucketArn}/*`,
+                        ],
+                    }),
+                    new iam.PolicyStatement({
+                        actions: ["logs:PutLogEvents"],
+                        resources: [
+                            `arn:aws:logs:${cdk.Stack.of(this).region}:${cdk.Stack.of(this).account}:log-group:${deliveryStreamLogGroup.logGroupName}:log-stream:${deliveryStreamLogStream.logStreamName}`,
+                        ],
+                    }),
+                    new iam.PolicyStatement({
+                        actions: [
+                            "kinesis:DescribeStream",
+                            "kinesis:GetShardIterator",
+                            "kinesis:GetRecords",
+                        ],
+                        resources: [datadogDeliveryStream.attrArn],
+                    }),
+                ],
+            }),
+            roles: [firehoseLogsRole],
+        });
+        props.logGroups.forEach((logGroup, index) => {
+            new logs.CfnSubscriptionFilter(this, `SubscriptionFilter${index}`, {
+                logGroupName: logGroup.logGroupName,
+                destinationArn: datadogDeliveryStream.attrArn,
+                filterPattern: logs.FilterPattern.allEvents().logPatternString,
+                roleArn: cloudWatchLogsRole.roleArn,
+            });
+        });
+    }
+}
+exports.KinesisToDatadogStream = KinesisToDatadogStream;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2luZXNpcy10by1kYXRhZG9nLXN0cmVhbS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9raW5lc2lzL2tpbmVzaXMtdG8tZGF0YWRvZy1zdHJlYW0udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEseUNBQXdDO0FBQ3hDLDJDQUEwQztBQUMxQyw0REFBMkQ7QUFDM0QsNkNBQTRDO0FBQzVDLHlDQUF3QztBQUN4QywrQ0FBc0Q7QUFDdEQsaUVBQWdFO0FBQ2hFLG1DQUFrQztBQW1CbEM7Ozs7OztHQU1HO0FBQ0gsTUFBYSxzQkFBdUIsU0FBUSxVQUFVLENBQUMsU0FBUztJQUM5RCxZQUNFLEtBQTJCLEVBQzNCLEVBQVUsRUFDVixLQUFrQztRQUVsQyxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFBO1FBRWhCLE1BQU0sc0JBQXNCLEdBQUcsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUM5QyxJQUFJLEVBQ0osd0JBQXdCLENBQ3pCLENBQUE7UUFFRCxNQUFNLHVCQUF1QixHQUFHLElBQUksSUFBSSxDQUFDLFNBQVMsQ0FDaEQsSUFBSSxFQUNKLHlCQUF5QixFQUN6QjtZQUNFLFFBQVEsRUFBRSxzQkFBc0I7U0FDakMsQ0FDRixDQUFBO1FBRUQsTUFBTSxnQkFBZ0IsR0FBRyxJQUFJLEVBQUUsQ0FBQyxNQUFNLENBQUMsSUFBSSxFQUFFLGtCQUFrQixFQUFFO1lBQy9ELGlCQUFpQixFQUFFLDBCQUFpQixDQUFDLFNBQVM7U0FDL0MsQ0FBQyxDQUFBO1FBRUYsTUFBTSxrQkFBa0IsR0FBRyxJQUFJLEdBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLG9CQUFvQixFQUFFO1lBQ2xFLFNBQVMsRUFBRSxJQUFJLEdBQUcsQ0FBQyxnQkFBZ0IsQ0FDakMsUUFBUSxHQUFHLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxNQUFNLGdCQUFnQixDQUNsRDtTQUNGLENBQUMsQ0FBQTtRQUVGLE1BQU0sZ0JBQWdCLEdBQUcsSUFBSSxHQUFHLENBQUMsSUFBSSxDQUFDLElBQUksRUFBRSxrQkFBa0IsRUFBRTtZQUM5RCxTQUFTLEVBQUUsSUFBSSxHQUFHLENBQUMsZ0JBQWdCLENBQUMsd0JBQXdCLENBQUM7U0FDOUQsQ0FBQyxDQUFBO1FBRUYsTUFBTSxxQkFBcUIsR0FBRyxJQUFJLFFBQVEsQ0FBQyxpQkFBaUIsQ0FDMUQsSUFBSSxFQUNKLGdCQUFnQixFQUNoQjtZQUNFLGtCQUFrQixFQUFFLFdBQVc7WUFDL0Isb0NBQW9DLEVBQUU7Z0JBQ3BDLE9BQU8sRUFBRSxnQkFBZ0IsQ0FBQyxPQUFPO2dCQUNqQyxxQkFBcUIsRUFBRTtvQkFDckIsR0FBRyxFQUFFLDREQUE0RDtvQkFDakUsU0FBUyxFQUFFLGNBQWMsQ0FBQyxNQUFNLENBQUMsZ0JBQWdCLENBQy9DLEtBQUssRUFDTCxlQUFlLEVBQ2YsS0FBSyxDQUFDLHVCQUF1QixDQUM5Qjt5QkFDRSxtQkFBbUIsQ0FBQyxPQUFPLENBQUM7eUJBQzVCLFFBQVEsRUFBRTtvQkFDYixJQUFJLEVBQUUsdUJBQXVCO2lCQUM5QjtnQkFDRCxvQkFBb0IsRUFBRTtvQkFDcEIsZUFBZSxFQUFFLE1BQU07aUJBQ3hCO2dCQUNELHdCQUF3QixFQUFFO29CQUN4QixPQUFPLEVBQUUsSUFBSTtvQkFDYixZQUFZLEVBQUUsc0JBQXNCLENBQUMsWUFBWTtvQkFDakQsYUFBYSxFQUFFLHVCQUF1QixDQUFDLGFBQWE7aUJBQ3JEO2dCQUNELGNBQWMsRUFBRTtvQkFDZCxpQkFBaUIsRUFBRSxFQUFFO29CQUNyQixTQUFTLEVBQUUsQ0FBQztpQkFDYjtnQkFDRCxZQUFZLEVBQUU7b0JBQ1osaUJBQWlCLEVBQUUsRUFBRTtpQkFDdEI7Z0JBQ0QsWUFBWSxFQUFFLGdCQUFnQjtnQkFDOUIsZUFBZSxFQUFFO29CQUNmLFNBQVMsRUFBRSxnQkFBZ0IsQ0FBQyxTQUFTO29CQUNyQyxpQkFBaUIsRUFBRSxjQUFjO29CQUNqQyxPQUFPLEVBQUUsZ0JBQWdCLENBQUMsT0FBTztpQkFDbEM7YUFDRjtTQUNGLENBQ0YsQ0FBQTtRQUVELElBQUksR0FBRyxDQUFDLE1BQU0sQ0FBQyxJQUFJLEVBQUUsc0JBQXNCLEVBQUU7WUFDM0MsUUFBUSxFQUFFLElBQUksR0FBRyxDQUFDLGNBQWMsQ0FBQztnQkFDL0IsVUFBVSxFQUFFO29CQUNWLElBQUksR0FBRyxDQUFDLGVBQWUsQ0FBQzt3QkFDdEIsT0FBTyxFQUFFLENBQUMsb0JBQW9CLEVBQUUseUJBQXlCLENBQUM7d0JBQzFELFNBQVMsRUFBRSxDQUFDLHFCQUFxQixDQUFDLE9BQU8sQ0FBQztxQkFDM0MsQ0FBQztpQkFDSDthQUNGLENBQUM7WUFDRixLQUFLLEVBQUUsQ0FBQyxrQkFBa0IsQ0FBQztTQUM1QixDQUFDLENBQUE7UUFFRixJQUFJLEdBQUcsQ0FBQyxNQUFNLENBQUMsSUFBSSxFQUFFLG9CQUFvQixFQUFFO1lBQ3pDLFFBQVEsRUFBRSxJQUFJLEdBQUcsQ0FBQyxjQUFjLENBQUM7Z0JBQy9CLFVBQVUsRUFBRTtvQkFDVixJQUFJLEdBQUcsQ0FBQyxlQUFlLENBQUM7d0JBQ3RCLE9BQU8sRUFBRTs0QkFDUCx5QkFBeUI7NEJBQ3pCLHNCQUFzQjs0QkFDdEIsY0FBYzs0QkFDZCxlQUFlOzRCQUNmLCtCQUErQjs0QkFDL0IsY0FBYzt5QkFDZjt3QkFDRCxTQUFTLEVBQUU7NEJBQ1QsZ0JBQWdCLENBQUMsU0FBUzs0QkFDMUIsR0FBRyxnQkFBZ0IsQ0FBQyxTQUFTLElBQUk7eUJBQ2xDO3FCQUNGLENBQUM7b0JBQ0YsSUFBSSxHQUFHLENBQUMsZUFBZSxDQUFDO3dCQUN0QixPQUFPLEVBQUUsQ0FBQyxtQkFBbUIsQ0FBQzt3QkFDOUIsU0FBUyxFQUFFOzRCQUNULGdCQUFnQixHQUFHLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxNQUFNLElBQ3ZDLEdBQUcsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQyxDQUFDLE9BQ3JCLGNBQWMsc0JBQXNCLENBQUMsWUFBWSxlQUMvQyx1QkFBdUIsQ0FBQyxhQUMxQixFQUFFO3lCQUNIO3FCQUNGLENBQUM7b0JBQ0YsSUFBSSxHQUFHLENBQUMsZUFBZSxDQUFDO3dCQUN0QixPQUFPLEVBQUU7NEJBQ1Asd0JBQXdCOzRCQUN4QiwwQkFBMEI7NEJBQzFCLG9CQUFvQjt5QkFDckI7d0JBQ0QsU0FBUyxFQUFFLENBQUMscUJBQXFCLENBQUMsT0FBTyxDQUFDO3FCQUMzQyxDQUFDO2lCQUNIO2FBQ0YsQ0FBQztZQUNGLEtBQUssRUFBRSxDQUFDLGdCQUFnQixDQUFDO1NBQzFCLENBQUMsQ0FBQTtRQUVGLEtBQUssQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLENBQUMsUUFBUSxFQUFFLEtBQUssRUFBRSxFQUFFO1lBQzFDLElBQUksSUFBSSxDQUFDLHFCQUFxQixDQUFDLElBQUksRUFBRSxxQkFBcUIsS0FBSyxFQUFFLEVBQUU7Z0JBQ2pFLFlBQVksRUFBRSxRQUFRLENBQUMsWUFBWTtnQkFDbkMsY0FBYyxFQUFFLHFCQUFxQixDQUFDLE9BQU87Z0JBQzdDLGFBQWEsRUFBRSxJQUFJLENBQUMsYUFBYSxDQUFDLFNBQVMsRUFBRSxDQUFDLGdCQUFnQjtnQkFDOUQsT0FBTyxFQUFFLGtCQUFrQixDQUFDLE9BQU87YUFDcEMsQ0FBQyxDQUFBO1FBQ0osQ0FBQyxDQUFDLENBQUE7SUFDSixDQUFDO0NBQ0Y7QUEzSUQsd0RBMklDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0ICogYXMgY29uc3RydWN0cyBmcm9tIFwiY29uc3RydWN0c1wiXG5pbXBvcnQgKiBhcyBpYW0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1pYW1cIlxuaW1wb3J0ICogYXMgZmlyZWhvc2UgZnJvbSBcImF3cy1jZGstbGliL2F3cy1raW5lc2lzZmlyZWhvc2VcIlxuaW1wb3J0ICogYXMgbG9ncyBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWxvZ3NcIlxuaW1wb3J0ICogYXMgczMgZnJvbSBcImF3cy1jZGstbGliL2F3cy1zM1wiXG5pbXBvcnQgeyBCbG9ja1B1YmxpY0FjY2VzcyB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtczNcIlxuaW1wb3J0ICogYXMgc2VjcmV0c21hbmFnZXIgZnJvbSBcImF3cy1jZGstbGliL2F3cy1zZWNyZXRzbWFuYWdlclwiXG5pbXBvcnQgKiBhcyBjZGsgZnJvbSBcImF3cy1jZGstbGliXCJcblxuZXhwb3J0IGludGVyZmFjZSBLaW5lc2lzVG9EYXRhZG9nU3RyZWFtUHJvcHMge1xuICAvKipcbiAgICpcbiAgICogVGhlIG5hbWUgb2YgdGhlIFNlY3JldHNNYW5hZ2VyIHNlY3JldCB3aGVyZSB5b3VyIERhdGFkb2cgQVBJIGtleSBpcyBzYXZlZC5cbiAgICpcbiAgICogVGhlIHNlY3JldCBtdXN0IGJlIGEgSlNPTiBvYmplY3Qgb24gdGhlIGZvcm1hdCB7IFwidmFsdWVcIjogXCJTRUNSRVRcIiB9XG4gICAqXG4gICAqL1xuICBkYXRhZG9nQXBpS2V5U2VjcmV0TmFtZTogc3RyaW5nXG4gIC8qKlxuICAgKlxuICAgKiBUaGUgQ2xvdWRXYXRjaCBsb2cgZ3JvdXBzIGZyb20geW91IGFyZSBzdHJlYW1pbmcgdG8gRGF0YWRvZ1xuICAgKlxuICAgKi9cbiAgbG9nR3JvdXBzOiBsb2dzLklMb2dHcm91cFtdXG59XG5cbi8qKlxuICpcbiAqIEZvcndhcmRzIGxvZ3MgZnJvbSBsb2ctZ3JvdXBzIGluIENsb3VkV2F0Y2ggdG8gYSBEYXRhZG9nIGFjY291bnQuXG4gKiBUaGUgbG9ncyBhcmUgZGVsaXZlcmVkIHRocm91Z2ggYSBGaXJlaG9zZSBkZWxpdmVyeSBzdHJlYW0sIHdoaWNoIGlzIGJlaW5nIHN1YnNjcmliZWQgdG8gdGhlIGxvZy1ncm91cHMgaW4gQ2xvdWRXYXRjaC5cbiAqXG4gKiBAYXV0aG9yIFN0ZWluLUFhZ2VcbiAqL1xuZXhwb3J0IGNsYXNzIEtpbmVzaXNUb0RhdGFkb2dTdHJlYW0gZXh0ZW5kcyBjb25zdHJ1Y3RzLkNvbnN0cnVjdCB7XG4gIGNvbnN0cnVjdG9yKFxuICAgIHNjb3BlOiBjb25zdHJ1Y3RzLkNvbnN0cnVjdCxcbiAgICBpZDogc3RyaW5nLFxuICAgIHByb3BzOiBLaW5lc2lzVG9EYXRhZG9nU3RyZWFtUHJvcHMsXG4gICkge1xuICAgIHN1cGVyKHNjb3BlLCBpZClcblxuICAgIGNvbnN0IGRlbGl2ZXJ5U3RyZWFtTG9nR3JvdXAgPSBuZXcgbG9ncy5Mb2dHcm91cChcbiAgICAgIHRoaXMsXG4gICAgICBcIkRlbGl2ZXJ5U3RyZWFtTG9nR3JvdXBcIixcbiAgICApXG5cbiAgICBjb25zdCBkZWxpdmVyeVN0cmVhbUxvZ1N0cmVhbSA9IG5ldyBsb2dzLkxvZ1N0cmVhbShcbiAgICAgIHRoaXMsXG4gICAgICBcIkRlbGl2ZXJ5U3RyZWFtTG9nU3RyZWFtXCIsXG4gICAgICB7XG4gICAgICAgIGxvZ0dyb3VwOiBkZWxpdmVyeVN0cmVhbUxvZ0dyb3VwLFxuICAgICAgfSxcbiAgICApXG5cbiAgICBjb25zdCBmYWlsZWREYXRhQnVja2V0ID0gbmV3IHMzLkJ1Y2tldCh0aGlzLCBcIkZhaWxlZERhdGFCdWNrZXRcIiwge1xuICAgICAgYmxvY2tQdWJsaWNBY2Nlc3M6IEJsb2NrUHVibGljQWNjZXNzLkJMT0NLX0FMTCxcbiAgICB9KVxuXG4gICAgY29uc3QgY2xvdWRXYXRjaExvZ3NSb2xlID0gbmV3IGlhbS5Sb2xlKHRoaXMsIFwiQ2xvdWRXYXRjaExvZ3NSb2xlXCIsIHtcbiAgICAgIGFzc3VtZWRCeTogbmV3IGlhbS5TZXJ2aWNlUHJpbmNpcGFsKFxuICAgICAgICBgbG9ncy4ke2Nkay5TdGFjay5vZih0aGlzKS5yZWdpb259LmFtYXpvbmF3cy5jb21gLFxuICAgICAgKSxcbiAgICB9KVxuXG4gICAgY29uc3QgZmlyZWhvc2VMb2dzUm9sZSA9IG5ldyBpYW0uUm9sZSh0aGlzLCBcIkZpcmVob3NlTG9nc1JvbGVcIiwge1xuICAgICAgYXNzdW1lZEJ5OiBuZXcgaWFtLlNlcnZpY2VQcmluY2lwYWwoXCJmaXJlaG9zZS5hbWF6b25hd3MuY29tXCIpLFxuICAgIH0pXG5cbiAgICBjb25zdCBkYXRhZG9nRGVsaXZlcnlTdHJlYW0gPSBuZXcgZmlyZWhvc2UuQ2ZuRGVsaXZlcnlTdHJlYW0oXG4gICAgICB0aGlzLFxuICAgICAgXCJEZWxpdmVyeVN0cmVhbVwiLFxuICAgICAge1xuICAgICAgICBkZWxpdmVyeVN0cmVhbVR5cGU6IFwiRGlyZWN0UHV0XCIsXG4gICAgICAgIGh0dHBFbmRwb2ludERlc3RpbmF0aW9uQ29uZmlndXJhdGlvbjoge1xuICAgICAgICAgIHJvbGVBcm46IGZpcmVob3NlTG9nc1JvbGUucm9sZUFybixcbiAgICAgICAgICBlbmRwb2ludENvbmZpZ3VyYXRpb246IHtcbiAgICAgICAgICAgIHVybDogXCJodHRwczovL2F3cy1raW5lc2lzLWh0dHAtaW50YWtlLmxvZ3MuZGF0YWRvZ2hxLmV1L3YxL2lucHV0XCIsXG4gICAgICAgICAgICBhY2Nlc3NLZXk6IHNlY3JldHNtYW5hZ2VyLlNlY3JldC5mcm9tU2VjcmV0TmFtZVYyKFxuICAgICAgICAgICAgICBzY29wZSxcbiAgICAgICAgICAgICAgXCJEYXRhZG9nQXBpS2V5XCIsXG4gICAgICAgICAgICAgIHByb3BzLmRhdGFkb2dBcGlLZXlTZWNyZXROYW1lLFxuICAgICAgICAgICAgKVxuICAgICAgICAgICAgICAuc2VjcmV0VmFsdWVGcm9tSnNvbihcInZhbHVlXCIpXG4gICAgICAgICAgICAgIC50b1N0cmluZygpLFxuICAgICAgICAgICAgbmFtZTogXCJkYXRhZG9nLWxvZ3MtZW5kcG9pbnRcIixcbiAgICAgICAgICB9LFxuICAgICAgICAgIHJlcXVlc3RDb25maWd1cmF0aW9uOiB7XG4gICAgICAgICAgICBjb250ZW50RW5jb2Rpbmc6IFwiR1pJUFwiLFxuICAgICAgICAgIH0sXG4gICAgICAgICAgY2xvdWRXYXRjaExvZ2dpbmdPcHRpb25zOiB7XG4gICAgICAgICAgICBlbmFibGVkOiB0cnVlLFxuICAgICAgICAgICAgbG9nR3JvdXBOYW1lOiBkZWxpdmVyeVN0cmVhbUxvZ0dyb3VwLmxvZ0dyb3VwTmFtZSxcbiAgICAgICAgICAgIGxvZ1N0cmVhbU5hbWU6IGRlbGl2ZXJ5U3RyZWFtTG9nU3RyZWFtLmxvZ1N0cmVhbU5hbWUsXG4gICAgICAgICAgfSxcbiAgICAgICAgICBidWZmZXJpbmdIaW50czoge1xuICAgICAgICAgICAgaW50ZXJ2YWxJblNlY29uZHM6IDYwLFxuICAgICAgICAgICAgc2l6ZUluTUJzOiA0LFxuICAgICAgICAgIH0sXG4gICAgICAgICAgcmV0cnlPcHRpb25zOiB7XG4gICAgICAgICAgICBkdXJhdGlvbkluU2Vjb25kczogNjAsXG4gICAgICAgICAgfSxcbiAgICAgICAgICBzM0JhY2t1cE1vZGU6IFwiRmFpbGVkRGF0YU9ubHlcIixcbiAgICAgICAgICBzM0NvbmZpZ3VyYXRpb246IHtcbiAgICAgICAgICAgIGJ1Y2tldEFybjogZmFpbGVkRGF0YUJ1Y2tldC5idWNrZXRBcm4sXG4gICAgICAgICAgICBjb21wcmVzc2lvbkZvcm1hdDogXCJVTkNPTVBSRVNTRURcIixcbiAgICAgICAgICAgIHJvbGVBcm46IGZpcmVob3NlTG9nc1JvbGUucm9sZUFybixcbiAgICAgICAgICB9LFxuICAgICAgICB9LFxuICAgICAgfSxcbiAgICApXG5cbiAgICBuZXcgaWFtLlBvbGljeSh0aGlzLCBcIkNsb3VkV2F0Y2hMb2dzUG9saWN5XCIsIHtcbiAgICAgIGRvY3VtZW50OiBuZXcgaWFtLlBvbGljeURvY3VtZW50KHtcbiAgICAgICAgc3RhdGVtZW50czogW1xuICAgICAgICAgIG5ldyBpYW0uUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICAgIGFjdGlvbnM6IFtcImZpcmVob3NlOlB1dFJlY29yZFwiLCBcImZpcmVob3NlOlB1dFJlY29yZEJhdGNoXCJdLFxuICAgICAgICAgICAgcmVzb3VyY2VzOiBbZGF0YWRvZ0RlbGl2ZXJ5U3RyZWFtLmF0dHJBcm5dLFxuICAgICAgICAgIH0pLFxuICAgICAgICBdLFxuICAgICAgfSksXG4gICAgICByb2xlczogW2Nsb3VkV2F0Y2hMb2dzUm9sZV0sXG4gICAgfSlcblxuICAgIG5ldyBpYW0uUG9saWN5KHRoaXMsIFwiRmlyZWhvc2VMb2dzUG9saWN5XCIsIHtcbiAgICAgIGRvY3VtZW50OiBuZXcgaWFtLlBvbGljeURvY3VtZW50KHtcbiAgICAgICAgc3RhdGVtZW50czogW1xuICAgICAgICAgIG5ldyBpYW0uUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICAgIGFjdGlvbnM6IFtcbiAgICAgICAgICAgICAgXCJzMzpBYm9ydE11bHRpcGFydFVwbG9hZFwiLFxuICAgICAgICAgICAgICBcInMzOkdldEJ1Y2tldExvY2F0aW9uXCIsXG4gICAgICAgICAgICAgIFwiczM6R2V0T2JqZWN0XCIsXG4gICAgICAgICAgICAgIFwiczM6TGlzdEJ1Y2tldFwiLFxuICAgICAgICAgICAgICBcInMzOkxpc3RCdWNrZXRNdWx0aXBhcnRVcGxvYWRzXCIsXG4gICAgICAgICAgICAgIFwiczM6UHV0T2JqZWN0XCIsXG4gICAgICAgICAgICBdLFxuICAgICAgICAgICAgcmVzb3VyY2VzOiBbXG4gICAgICAgICAgICAgIGZhaWxlZERhdGFCdWNrZXQuYnVja2V0QXJuLFxuICAgICAgICAgICAgICBgJHtmYWlsZWREYXRhQnVja2V0LmJ1Y2tldEFybn0vKmAsXG4gICAgICAgICAgICBdLFxuICAgICAgICAgIH0pLFxuICAgICAgICAgIG5ldyBpYW0uUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICAgIGFjdGlvbnM6IFtcImxvZ3M6UHV0TG9nRXZlbnRzXCJdLFxuICAgICAgICAgICAgcmVzb3VyY2VzOiBbXG4gICAgICAgICAgICAgIGBhcm46YXdzOmxvZ3M6JHtjZGsuU3RhY2sub2YodGhpcykucmVnaW9ufToke1xuICAgICAgICAgICAgICAgIGNkay5TdGFjay5vZih0aGlzKS5hY2NvdW50XG4gICAgICAgICAgICAgIH06bG9nLWdyb3VwOiR7ZGVsaXZlcnlTdHJlYW1Mb2dHcm91cC5sb2dHcm91cE5hbWV9OmxvZy1zdHJlYW06JHtcbiAgICAgICAgICAgICAgICBkZWxpdmVyeVN0cmVhbUxvZ1N0cmVhbS5sb2dTdHJlYW1OYW1lXG4gICAgICAgICAgICAgIH1gLFxuICAgICAgICAgICAgXSxcbiAgICAgICAgICB9KSxcbiAgICAgICAgICBuZXcgaWFtLlBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgICAgICBhY3Rpb25zOiBbXG4gICAgICAgICAgICAgIFwia2luZXNpczpEZXNjcmliZVN0cmVhbVwiLFxuICAgICAgICAgICAgICBcImtpbmVzaXM6R2V0U2hhcmRJdGVyYXRvclwiLFxuICAgICAgICAgICAgICBcImtpbmVzaXM6R2V0UmVjb3Jkc1wiLFxuICAgICAgICAgICAgXSxcbiAgICAgICAgICAgIHJlc291cmNlczogW2RhdGFkb2dEZWxpdmVyeVN0cmVhbS5hdHRyQXJuXSxcbiAgICAgICAgICB9KSxcbiAgICAgICAgXSxcbiAgICAgIH0pLFxuICAgICAgcm9sZXM6IFtmaXJlaG9zZUxvZ3NSb2xlXSxcbiAgICB9KVxuXG4gICAgcHJvcHMubG9nR3JvdXBzLmZvckVhY2goKGxvZ0dyb3VwLCBpbmRleCkgPT4ge1xuICAgICAgbmV3IGxvZ3MuQ2ZuU3Vic2NyaXB0aW9uRmlsdGVyKHRoaXMsIGBTdWJzY3JpcHRpb25GaWx0ZXIke2luZGV4fWAsIHtcbiAgICAgICAgbG9nR3JvdXBOYW1lOiBsb2dHcm91cC5sb2dHcm91cE5hbWUsXG4gICAgICAgIGRlc3RpbmF0aW9uQXJuOiBkYXRhZG9nRGVsaXZlcnlTdHJlYW0uYXR0ckFybixcbiAgICAgICAgZmlsdGVyUGF0dGVybjogbG9ncy5GaWx0ZXJQYXR0ZXJuLmFsbEV2ZW50cygpLmxvZ1BhdHRlcm5TdHJpbmcsXG4gICAgICAgIHJvbGVBcm46IGNsb3VkV2F0Y2hMb2dzUm9sZS5yb2xlQXJuLFxuICAgICAgfSlcbiAgICB9KVxuICB9XG59XG4iXX0=

package/lib/load-balancer/index.d.ts

@@ -0,0 +1 @@
+export { LoadBalancer, LoadBalancerProps } from "./load-balancer";

package/lib/load-balancer/index.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LoadBalancer = void 0;
+var load_balancer_1 = require("./load-balancer");
+Object.defineProperty(exports, "LoadBalancer", { enumerable: true, get: function () { return load_balancer_1.LoadBalancer; } });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvbG9hZC1iYWxhbmNlci9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxpREFBaUU7QUFBeEQsNkdBQUEsWUFBWSxPQUFBIiwic291cmNlc0NvbnRlbnQiOlsiZXhwb3J0IHsgTG9hZEJhbGFuY2VyLCBMb2FkQmFsYW5jZXJQcm9wcyB9IGZyb20gXCIuL2xvYWQtYmFsYW5jZXJcIlxuIl19

package/lib/load-balancer/load-balancer.d.ts

@@ -0,0 +1,16 @@
+import * as constructs from "constructs";
+import * as certificatemanager from "aws-cdk-lib/aws-certificatemanager";
+import * as ec2 from "aws-cdk-lib/aws-ec2";
+import * as elb from "aws-cdk-lib/aws-elasticloadbalancingv2";
+import * as s3 from "aws-cdk-lib/aws-s3";
+export interface LoadBalancerProps {
+    certificates: certificatemanager.ICertificate[];
+    vpc: ec2.IVpc;
+    overrideLoadBalancerProps?: Partial<elb.ApplicationLoadBalancerProps>;
+}
+export declare class LoadBalancer extends constructs.Construct {
+    readonly loadBalancer: elb.ApplicationLoadBalancer;
+    readonly httpsListener: elb.ApplicationListener;
+    readonly accessLogsBucket: s3.Bucket;
+    constructor(scope: constructs.Construct, id: string, props: LoadBalancerProps);
+}

package/lib/load-balancer/load-balancer.js

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LoadBalancer = void 0;
+const constructs = require("constructs");
+const ec2 = require("aws-cdk-lib/aws-ec2");
+const elb = require("aws-cdk-lib/aws-elasticloadbalancingv2");
+const aws_elasticloadbalancingv2_1 = require("aws-cdk-lib/aws-elasticloadbalancingv2");
+const s3 = require("aws-cdk-lib/aws-s3");
+const cdk = require("aws-cdk-lib");
+class LoadBalancer extends constructs.Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        this.loadBalancer = new elb.ApplicationLoadBalancer(this, "LoadBalancer", {
+            vpc: props.vpc,
+            internetFacing: true,
+            vpcSubnets: props.vpc.selectSubnets({
+                subnetType: ec2.SubnetType.PUBLIC,
+            }),
+            ...props.overrideLoadBalancerProps,
+        });
+        this.loadBalancer
+            .addListener("HttpListener", {
+            port: 80,
+        })
+            .addAction("HttpsRedirect", {
+            action: aws_elasticloadbalancingv2_1.ListenerAction.redirect({
+                port: "443",
+                protocol: "HTTPS",
+                permanent: true,
+            }),
+        });
+        // The Load Balancer require a default target group.
+        // We will not connect anything to the default target group.
+        const defaultTargetGroup = new elb.ApplicationTargetGroup(this, "DefaultTargetGroup", {
+            protocol: elb.ApplicationProtocol.HTTP,
+            port: 80,
+            vpc: props.vpc,
+            targetType: elb.TargetType.INSTANCE,
+        });
+        this.httpsListener = this.loadBalancer.addListener("HttpsListener", {
+            sslPolicy: elb.SslPolicy.TLS12,
+            protocol: elb.ApplicationProtocol.HTTPS,
+            port: 443,
+            certificates: props.certificates,
+            defaultTargetGroups: [defaultTargetGroup],
+        });
+        this.accessLogsBucket = new s3.Bucket(this, "AccessLogsBucket", {
+            encryption: s3.BucketEncryption.S3_MANAGED,
+            blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,
+            lifecycleRules: [
+                {
+                    expiration: cdk.Duration.days(30),
+                },
+            ],
+        });
+        this.loadBalancer.logAccessLogs(this.accessLogsBucket);
+    }
+}
+exports.LoadBalancer = LoadBalancer;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibG9hZC1iYWxhbmNlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9sb2FkLWJhbGFuY2VyL2xvYWQtYmFsYW5jZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEseUNBQXdDO0FBRXhDLDJDQUEwQztBQUMxQyw4REFBNkQ7QUFDN0QsdUZBQXVFO0FBQ3ZFLHlDQUF3QztBQUN4QyxtQ0FBa0M7QUFRbEMsTUFBYSxZQUFhLFNBQVEsVUFBVSxDQUFDLFNBQVM7SUFLcEQsWUFDRSxLQUEyQixFQUMzQixFQUFVLEVBQ1YsS0FBd0I7UUFFeEIsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQTtRQUVoQixJQUFJLENBQUMsWUFBWSxHQUFHLElBQUksR0FBRyxDQUFDLHVCQUF1QixDQUFDLElBQUksRUFBRSxjQUFjLEVBQUU7WUFDeEUsR0FBRyxFQUFFLEtBQUssQ0FBQyxHQUFHO1lBQ2QsY0FBYyxFQUFFLElBQUk7WUFDcEIsVUFBVSxFQUFFLEtBQUssQ0FBQyxHQUFHLENBQUMsYUFBYSxDQUFDO2dCQUNsQyxVQUFVLEVBQUUsR0FBRyxDQUFDLFVBQVUsQ0FBQyxNQUFNO2FBQ2xDLENBQUM7WUFDRixHQUFHLEtBQUssQ0FBQyx5QkFBeUI7U0FDbkMsQ0FBQyxDQUFBO1FBRUYsSUFBSSxDQUFDLFlBQVk7YUFDZCxXQUFXLENBQUMsY0FBYyxFQUFFO1lBQzNCLElBQUksRUFBRSxFQUFFO1NBQ1QsQ0FBQzthQUNELFNBQVMsQ0FBQyxlQUFlLEVBQUU7WUFDMUIsTUFBTSxFQUFFLDJDQUFjLENBQUMsUUFBUSxDQUFDO2dCQUM5QixJQUFJLEVBQUUsS0FBSztnQkFDWCxRQUFRLEVBQUUsT0FBTztnQkFDakIsU0FBUyxFQUFFLElBQUk7YUFDaEIsQ0FBQztTQUNILENBQUMsQ0FBQTtRQUVKLG9EQUFvRDtRQUNwRCw0REFBNEQ7UUFDNUQsTUFBTSxrQkFBa0IsR0FBRyxJQUFJLEdBQUcsQ0FBQyxzQkFBc0IsQ0FDdkQsSUFBSSxFQUNKLG9CQUFvQixFQUNwQjtZQUNFLFFBQVEsRUFBRSxHQUFHLENBQUMsbUJBQW1CLENBQUMsSUFBSTtZQUN0QyxJQUFJLEVBQUUsRUFBRTtZQUNSLEdBQUcsRUFBRSxLQUFLLENBQUMsR0FBRztZQUNkLFVBQVUsRUFBRSxHQUFHLENBQUMsVUFBVSxDQUFDLFFBQVE7U0FDcEMsQ0FDRixDQUFBO1FBRUQsSUFBSSxDQUFDLGFBQWEsR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxlQUFlLEVBQUU7WUFDbEUsU0FBUyxFQUFFLEdBQUcsQ0FBQyxTQUFTLENBQUMsS0FBSztZQUM5QixRQUFRLEVBQUUsR0FBRyxDQUFDLG1CQUFtQixDQUFDLEtBQUs7WUFDdkMsSUFBSSxFQUFFLEdBQUc7WUFDVCxZQUFZLEVBQUUsS0FBSyxDQUFDLFlBQVk7WUFDaEMsbUJBQW1CLEVBQUUsQ0FBQyxrQkFBa0IsQ0FBQztTQUMxQyxDQUFDLENBQUE7UUFFRixJQUFJLENBQUMsZ0JBQWdCLEdBQUcsSUFBSSxFQUFFLENBQUMsTUFBTSxDQUFDLElBQUksRUFBRSxrQkFBa0IsRUFBRTtZQUM5RCxVQUFVLEVBQUUsRUFBRSxDQUFDLGdCQUFnQixDQUFDLFVBQVU7WUFDMUMsaUJBQWlCLEVBQUUsRUFBRSxDQUFDLGlCQUFpQixDQUFDLFNBQVM7WUFDakQsY0FBYyxFQUFFO2dCQUNkO29CQUNFLFVBQVUsRUFBRSxHQUFHLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUM7aUJBQ2xDO2FBQ0Y7U0FDRixDQUFDLENBQUE7UUFFRixJQUFJLENBQUMsWUFBWSxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsQ0FBQTtJQUN4RCxDQUFDO0NBQ0Y7QUFsRUQsb0NBa0VDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0ICogYXMgY29uc3RydWN0cyBmcm9tIFwiY29uc3RydWN0c1wiXG5pbXBvcnQgKiBhcyBjZXJ0aWZpY2F0ZW1hbmFnZXIgZnJvbSBcImF3cy1jZGstbGliL2F3cy1jZXJ0aWZpY2F0ZW1hbmFnZXJcIlxuaW1wb3J0ICogYXMgZWMyIGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtZWMyXCJcbmltcG9ydCAqIGFzIGVsYiBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWVsYXN0aWNsb2FkYmFsYW5jaW5ndjJcIlxuaW1wb3J0IHsgTGlzdGVuZXJBY3Rpb24gfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWVsYXN0aWNsb2FkYmFsYW5jaW5ndjJcIlxuaW1wb3J0ICogYXMgczMgZnJvbSBcImF3cy1jZGstbGliL2F3cy1zM1wiXG5pbXBvcnQgKiBhcyBjZGsgZnJvbSBcImF3cy1jZGstbGliXCJcblxuZXhwb3J0IGludGVyZmFjZSBMb2FkQmFsYW5jZXJQcm9wcyB7XG4gIGNlcnRpZmljYXRlczogY2VydGlmaWNhdGVtYW5hZ2VyLklDZXJ0aWZpY2F0ZVtdXG4gIHZwYzogZWMyLklWcGNcbiAgb3ZlcnJpZGVMb2FkQmFsYW5jZXJQcm9wcz86IFBhcnRpYWw8ZWxiLkFwcGxpY2F0aW9uTG9hZEJhbGFuY2VyUHJvcHM+XG59XG5cbmV4cG9ydCBjbGFzcyBMb2FkQmFsYW5jZXIgZXh0ZW5kcyBjb25zdHJ1Y3RzLkNvbnN0cnVjdCB7XG4gIHB1YmxpYyByZWFkb25seSBsb2FkQmFsYW5jZXI6IGVsYi5BcHBsaWNhdGlvbkxvYWRCYWxhbmNlclxuICBwdWJsaWMgcmVhZG9ubHkgaHR0cHNMaXN0ZW5lcjogZWxiLkFwcGxpY2F0aW9uTGlzdGVuZXJcbiAgcHVibGljIHJlYWRvbmx5IGFjY2Vzc0xvZ3NCdWNrZXQ6IHMzLkJ1Y2tldFxuXG4gIGNvbnN0cnVjdG9yKFxuICAgIHNjb3BlOiBjb25zdHJ1Y3RzLkNvbnN0cnVjdCxcbiAgICBpZDogc3RyaW5nLFxuICAgIHByb3BzOiBMb2FkQmFsYW5jZXJQcm9wcyxcbiAgKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKVxuXG4gICAgdGhpcy5sb2FkQmFsYW5jZXIgPSBuZXcgZWxiLkFwcGxpY2F0aW9uTG9hZEJhbGFuY2VyKHRoaXMsIFwiTG9hZEJhbGFuY2VyXCIsIHtcbiAgICAgIHZwYzogcHJvcHMudnBjLFxuICAgICAgaW50ZXJuZXRGYWNpbmc6IHRydWUsXG4gICAgICB2cGNTdWJuZXRzOiBwcm9wcy52cGMuc2VsZWN0U3VibmV0cyh7XG4gICAgICAgIHN1Ym5ldFR5cGU6IGVjMi5TdWJuZXRUeXBlLlBVQkxJQyxcbiAgICAgIH0pLFxuICAgICAgLi4ucHJvcHMub3ZlcnJpZGVMb2FkQmFsYW5jZXJQcm9wcyxcbiAgICB9KVxuXG4gICAgdGhpcy5sb2FkQmFsYW5jZXJcbiAgICAgIC5hZGRMaXN0ZW5lcihcIkh0dHBMaXN0ZW5lclwiLCB7XG4gICAgICAgIHBvcnQ6IDgwLFxuICAgICAgfSlcbiAgICAgIC5hZGRBY3Rpb24oXCJIdHRwc1JlZGlyZWN0XCIsIHtcbiAgICAgICAgYWN0aW9uOiBMaXN0ZW5lckFjdGlvbi5yZWRpcmVjdCh7XG4gICAgICAgICAgcG9ydDogXCI0NDNcIixcbiAgICAgICAgICBwcm90b2NvbDogXCJIVFRQU1wiLFxuICAgICAgICAgIHBlcm1hbmVudDogdHJ1ZSxcbiAgICAgICAgfSksXG4gICAgICB9KVxuXG4gICAgLy8gVGhlIExvYWQgQmFsYW5jZXIgcmVxdWlyZSBhIGRlZmF1bHQgdGFyZ2V0IGdyb3VwLlxuICAgIC8vIFdlIHdpbGwgbm90IGNvbm5lY3QgYW55dGhpbmcgdG8gdGhlIGRlZmF1bHQgdGFyZ2V0IGdyb3VwLlxuICAgIGNvbnN0IGRlZmF1bHRUYXJnZXRHcm91cCA9IG5ldyBlbGIuQXBwbGljYXRpb25UYXJnZXRHcm91cChcbiAgICAgIHRoaXMsXG4gICAgICBcIkRlZmF1bHRUYXJnZXRHcm91cFwiLFxuICAgICAge1xuICAgICAgICBwcm90b2NvbDogZWxiLkFwcGxpY2F0aW9uUHJvdG9jb2wuSFRUUCxcbiAgICAgICAgcG9ydDogODAsXG4gICAgICAgIHZwYzogcHJvcHMudnBjLFxuICAgICAgICB0YXJnZXRUeXBlOiBlbGIuVGFyZ2V0VHlwZS5JTlNUQU5DRSxcbiAgICAgIH0sXG4gICAgKVxuXG4gICAgdGhpcy5odHRwc0xpc3RlbmVyID0gdGhpcy5sb2FkQmFsYW5jZXIuYWRkTGlzdGVuZXIoXCJIdHRwc0xpc3RlbmVyXCIsIHtcbiAgICAgIHNzbFBvbGljeTogZWxiLlNzbFBvbGljeS5UTFMxMixcbiAgICAgIHByb3RvY29sOiBlbGIuQXBwbGljYXRpb25Qcm90b2NvbC5IVFRQUyxcbiAgICAgIHBvcnQ6IDQ0MyxcbiAgICAgIGNlcnRpZmljYXRlczogcHJvcHMuY2VydGlmaWNhdGVzLFxuICAgICAgZGVmYXVsdFRhcmdldEdyb3VwczogW2RlZmF1bHRUYXJnZXRHcm91cF0sXG4gICAgfSlcblxuICAgIHRoaXMuYWNjZXNzTG9nc0J1Y2tldCA9IG5ldyBzMy5CdWNrZXQodGhpcywgXCJBY2Nlc3NMb2dzQnVja2V0XCIsIHtcbiAgICAgIGVuY3J5cHRpb246IHMzLkJ1Y2tldEVuY3J5cHRpb24uUzNfTUFOQUdFRCxcbiAgICAgIGJsb2NrUHVibGljQWNjZXNzOiBzMy5CbG9ja1B1YmxpY0FjY2Vzcy5CTE9DS19BTEwsXG4gICAgICBsaWZlY3ljbGVSdWxlczogW1xuICAgICAgICB7XG4gICAgICAgICAgZXhwaXJhdGlvbjogY2RrLkR1cmF0aW9uLmRheXMoMzApLFxuICAgICAgICB9LFxuICAgICAgXSxcbiAgICB9KVxuXG4gICAgdGhpcy5sb2FkQmFsYW5jZXIubG9nQWNjZXNzTG9ncyh0aGlzLmFjY2Vzc0xvZ3NCdWNrZXQpXG4gIH1cbn1cbiJdfQ==

package/lib/pipelines/conventions.d.ts

@@ -0,0 +1,14 @@
+/**
+ * The role used when running "cdk deploy".
+ */
+export declare const cdkDeployRoleName = "liflig-cdk-deployer-cdk";
+/**
+ * Path on S3 for pipeline configuration.
+ */
+export declare function pipelineS3Prefix(pipelineName: string): string;
+/**
+ * Key in S3 bucket used to trigger pipeline.
+ *
+ * This is an empty file within the pipeline path.
+ */
+export declare function pipelineS3TriggerKey(pipelineName: string): string;

package/lib/pipelines/conventions.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.pipelineS3TriggerKey = exports.pipelineS3Prefix = exports.cdkDeployRoleName = void 0;
+/**
+ * The role used when running "cdk deploy".
+ */
+exports.cdkDeployRoleName = "liflig-cdk-deployer-cdk";
+/**
+ * Path on S3 for pipeline configuration.
+ */
+function pipelineS3Prefix(pipelineName) {
+    return `pipelines/${pipelineName}/`;
+}
+exports.pipelineS3Prefix = pipelineS3Prefix;
+/**
+ * Key in S3 bucket used to trigger pipeline.
+ *
+ * This is an empty file within the pipeline path.
+ */
+function pipelineS3TriggerKey(pipelineName) {
+    return `pipelines/${pipelineName}/trigger`;
+}
+exports.pipelineS3TriggerKey = pipelineS3TriggerKey;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29udmVudGlvbnMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvcGlwZWxpbmVzL2NvbnZlbnRpb25zLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBOztHQUVHO0FBQ1UsUUFBQSxpQkFBaUIsR0FBRyx5QkFBeUIsQ0FBQTtBQUUxRDs7R0FFRztBQUNILFNBQWdCLGdCQUFnQixDQUFDLFlBQW9CO0lBQ25ELE9BQU8sYUFBYSxZQUFZLEdBQUcsQ0FBQTtBQUNyQyxDQUFDO0FBRkQsNENBRUM7QUFFRDs7OztHQUlHO0FBQ0gsU0FBZ0Isb0JBQW9CLENBQUMsWUFBb0I7SUFDdkQsT0FBTyxhQUFhLFlBQVksVUFBVSxDQUFBO0FBQzVDLENBQUM7QUFGRCxvREFFQyIsInNvdXJjZXNDb250ZW50IjpbIi8qKlxuICogVGhlIHJvbGUgdXNlZCB3aGVuIHJ1bm5pbmcgXCJjZGsgZGVwbG95XCIuXG4gKi9cbmV4cG9ydCBjb25zdCBjZGtEZXBsb3lSb2xlTmFtZSA9IFwibGlmbGlnLWNkay1kZXBsb3llci1jZGtcIlxuXG4vKipcbiAqIFBhdGggb24gUzMgZm9yIHBpcGVsaW5lIGNvbmZpZ3VyYXRpb24uXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiBwaXBlbGluZVMzUHJlZml4KHBpcGVsaW5lTmFtZTogc3RyaW5nKTogc3RyaW5nIHtcbiAgcmV0dXJuIGBwaXBlbGluZXMvJHtwaXBlbGluZU5hbWV9L2Bcbn1cblxuLyoqXG4gKiBLZXkgaW4gUzMgYnVja2V0IHVzZWQgdG8gdHJpZ2dlciBwaXBlbGluZS5cbiAqXG4gKiBUaGlzIGlzIGFuIGVtcHR5IGZpbGUgd2l0aGluIHRoZSBwaXBlbGluZSBwYXRoLlxuICovXG5leHBvcnQgZnVuY3Rpb24gcGlwZWxpbmVTM1RyaWdnZXJLZXkocGlwZWxpbmVOYW1lOiBzdHJpbmcpOiBzdHJpbmcge1xuICByZXR1cm4gYHBpcGVsaW5lcy8ke3BpcGVsaW5lTmFtZX0vdHJpZ2dlcmBcbn1cbiJdfQ==

package/lib/pipelines/deploy-env.d.ts

@@ -0,0 +1,18 @@
+import * as constructs from "constructs";
+import * as ec2 from "aws-cdk-lib/aws-ec2";
+import * as s3 from "aws-cdk-lib/aws-s3";
+import * as sfn from "aws-cdk-lib/aws-stepfunctions";
+interface DeployEnvProps {
+    accountId: string;
+    afterSuccessfulDeploy?: sfn.Chain;
+    artefactBucket: s3.IBucket;
+    envName: string;
+    vpc: ec2.IVpc;
+}
+export declare class DeployEnv extends constructs.Construct {
+    chain: sfn.Chain;
+    constructor(scope: constructs.Construct, id: string, props: DeployEnvProps);
+    private getOrCreateCluster;
+    private getOrCreateTaskSecurityGroup;
+}
+export {};

package/lib/pipelines/deploy-env.js

@@ -0,0 +1,96 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DeployEnv = void 0;
+const constructs = require("constructs");
+const ec2 = require("aws-cdk-lib/aws-ec2");
+const ecr = require("aws-cdk-lib/aws-ecr");
+const ecs = require("aws-cdk-lib/aws-ecs");
+const iam = require("aws-cdk-lib/aws-iam");
+const logs = require("aws-cdk-lib/aws-logs");
+const sfn = require("aws-cdk-lib/aws-stepfunctions");
+const tasks = require("aws-cdk-lib/aws-stepfunctions-tasks");
+const cdk = require("aws-cdk-lib");
+const conventions_1 = require("./conventions");
+class DeployEnv extends constructs.Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        const cluster = this.getOrCreateCluster(props.vpc);
+        // We don't reuse the task definition across multiple pipelines
+        // so that we can easier find the correct logs for each pipeline.
+        const taskDefinition = new ecs.TaskDefinition(this, "TaskDefinition", {
+            memoryMiB: "1024",
+            cpu: "256",
+            compatibility: ecs.Compatibility.FARGATE,
+        });
+        const containerDefinition = taskDefinition.addContainer("app", {
+            image: ecs.ContainerImage.fromEcrRepository(ecr.Repository.fromRepositoryArn(this, "Repository", 
+            // See https://github.com/capralifecycle/liflig-cdk-deployer
+            "arn:aws:ecr:eu-west-1:001112238813:repository/incub-common-liflig-cdk-deployer"), "1-experimental.2"),
+            logging: ecs.LogDriver.awsLogs({
+                logGroup: new logs.LogGroup(this, "LogGroup", {
+                    removalPolicy: cdk.RemovalPolicy.DESTROY,
+                    retention: logs.RetentionDays.ONE_MONTH,
+                }),
+                streamPrefix: "app",
+            }),
+        });
+        const cdkRole = iam.Role.fromRoleArn(this, `CdkRole-${props.envName}`, `arn:aws:iam::${props.accountId}:role/${conventions_1.cdkDeployRoleName}`);
+        cdkRole.grant(taskDefinition.taskRole, "sts:AssumeRole");
+        props.artefactBucket.grantRead(taskDefinition.taskRole);
+        this.chain = sfn.Chain.start(new tasks.EcsRunTask(this, `Deploy ${props.envName}`, {
+            resultPath: sfn.JsonPath.DISCARD,
+            securityGroups: [this.getOrCreateTaskSecurityGroup(props.vpc)],
+            integrationPattern: sfn.IntegrationPattern.RUN_JOB,
+            cluster,
+            assignPublicIp: true,
+            launchTarget: new tasks.EcsFargateLaunchTarget(),
+            taskDefinition,
+            containerOverrides: [
+                {
+                    containerDefinition,
+                    environment: [
+                        {
+                            name: "CDK_TARGET_ROLE_ARN",
+                            value: cdkRole.roleArn,
+                        },
+                        {
+                            name: "CDK_ENV_NAME",
+                            value: props.envName,
+                        },
+                        {
+                            name: "CDK_CLOUD_ASSEMBLY",
+                            value: sfn.JsonPath.stringAt("$.CloudAssembly"),
+                        },
+                        {
+                            name: "CDK_VARIABLES",
+                            value: sfn.JsonPath.stringAt("$.Variables"),
+                        },
+                    ],
+                },
+            ],
+        }));
+        if (props.afterSuccessfulDeploy != null) {
+            this.chain = this.chain.next(props.afterSuccessfulDeploy);
+        }
+    }
+    // Reuse ECS cluster for multiple pipelines in same stack.
+    getOrCreateCluster(vpc) {
+        var _a;
+        const stack = cdk.Stack.of(this);
+        const uniqueId = "pipeline.04ad36b1.cluster";
+        return ((_a = stack.node.tryFindChild(uniqueId)) !== null && _a !== void 0 ? _a : new ecs.Cluster(stack, uniqueId, {
+            vpc,
+        }));
+    }
+    // Reuse security group for multiple pipelines in same stack.
+    getOrCreateTaskSecurityGroup(vpc) {
+        var _a;
+        const stack = cdk.Stack.of(this);
+        const uniqueId = "pipeline.04ad36b1.security-group";
+        return ((_a = stack.node.tryFindChild(uniqueId)) !== null && _a !== void 0 ? _a : new ec2.SecurityGroup(stack, uniqueId, {
+            vpc,
+        }));
+    }
+}
+exports.DeployEnv = DeployEnv;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGVwbG95LWVudi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9waXBlbGluZXMvZGVwbG95LWVudi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSx5Q0FBd0M7QUFDeEMsMkNBQTBDO0FBQzFDLDJDQUEwQztBQUMxQywyQ0FBMEM7QUFDMUMsMkNBQTBDO0FBQzFDLDZDQUE0QztBQUU1QyxxREFBb0Q7QUFDcEQsNkRBQTREO0FBQzVELG1DQUFrQztBQUNsQywrQ0FBaUQ7QUFVakQsTUFBYSxTQUFVLFNBQVEsVUFBVSxDQUFDLFNBQVM7SUFHakQsWUFBWSxLQUEyQixFQUFFLEVBQVUsRUFBRSxLQUFxQjtRQUN4RSxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFBO1FBRWhCLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUE7UUFFbEQsK0RBQStEO1FBQy9ELGlFQUFpRTtRQUVqRSxNQUFNLGNBQWMsR0FBRyxJQUFJLEdBQUcsQ0FBQyxjQUFjLENBQUMsSUFBSSxFQUFFLGdCQUFnQixFQUFFO1lBQ3BFLFNBQVMsRUFBRSxNQUFNO1lBQ2pCLEdBQUcsRUFBRSxLQUFLO1lBQ1YsYUFBYSxFQUFFLEdBQUcsQ0FBQyxhQUFhLENBQUMsT0FBTztTQUN6QyxDQUFDLENBQUE7UUFFRixNQUFNLG1CQUFtQixHQUFHLGNBQWMsQ0FBQyxZQUFZLENBQUMsS0FBSyxFQUFFO1lBQzdELEtBQUssRUFBRSxHQUFHLENBQUMsY0FBYyxDQUFDLGlCQUFpQixDQUN6QyxHQUFHLENBQUMsVUFBVSxDQUFDLGlCQUFpQixDQUM5QixJQUFJLEVBQ0osWUFBWTtZQUNaLDREQUE0RDtZQUM1RCxnRkFBZ0YsQ0FDakYsRUFDRCxrQkFBa0IsQ0FDbkI7WUFDRCxPQUFPLEVBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUM7Z0JBQzdCLFFBQVEsRUFBRSxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxFQUFFLFVBQVUsRUFBRTtvQkFDNUMsYUFBYSxFQUFFLEdBQUcsQ0FBQyxhQUFhLENBQUMsT0FBTztvQkFDeEMsU0FBUyxFQUFFLElBQUksQ0FBQyxhQUFhLENBQUMsU0FBUztpQkFDeEMsQ0FBQztnQkFDRixZQUFZLEVBQUUsS0FBSzthQUNwQixDQUFDO1NBQ0gsQ0FBQyxDQUFBO1FBRUYsTUFBTSxPQUFPLEdBQUcsR0FBRyxDQUFDLElBQUksQ0FBQyxXQUFXLENBQ2xDLElBQUksRUFDSixXQUFXLEtBQUssQ0FBQyxPQUFPLEVBQUUsRUFDMUIsZ0JBQWdCLEtBQUssQ0FBQyxTQUFTLFNBQVMsK0JBQWlCLEVBQUUsQ0FDNUQsQ0FBQTtRQUVELE9BQU8sQ0FBQyxLQUFLLENBQUMsY0FBYyxDQUFDLFFBQVEsRUFBRSxnQkFBZ0IsQ0FBQyxDQUFBO1FBRXhELEtBQUssQ0FBQyxjQUFjLENBQUMsU0FBUyxDQUFDLGNBQWMsQ0FBQyxRQUFRLENBQUMsQ0FBQTtRQUV2RCxJQUFJLENBQUMsS0FBSyxHQUFHLEdBQUcsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUMxQixJQUFJLEtBQUssQ0FBQyxVQUFVLENBQUMsSUFBSSxFQUFFLFVBQVUsS0FBSyxDQUFDLE9BQU8sRUFBRSxFQUFFO1lBQ3BELFVBQVUsRUFBRSxHQUFHLENBQUMsUUFBUSxDQUFDLE9BQU87WUFDaEMsY0FBYyxFQUFFLENBQUMsSUFBSSxDQUFDLDRCQUE0QixDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztZQUM5RCxrQkFBa0IsRUFBRSxHQUFHLENBQUMsa0JBQWtCLENBQUMsT0FBTztZQUNsRCxPQUFPO1lBQ1AsY0FBYyxFQUFFLElBQUk7WUFDcEIsWUFBWSxFQUFFLElBQUksS0FBSyxDQUFDLHNCQUFzQixFQUFFO1lBQ2hELGNBQWM7WUFDZCxrQkFBa0IsRUFBRTtnQkFDbEI7b0JBQ0UsbUJBQW1CO29CQUNuQixXQUFXLEVBQUU7d0JBQ1g7NEJBQ0UsSUFBSSxFQUFFLHFCQUFxQjs0QkFDM0IsS0FBSyxFQUFFLE9BQU8sQ0FBQyxPQUFPO3lCQUN2Qjt3QkFDRDs0QkFDRSxJQUFJLEVBQUUsY0FBYzs0QkFDcEIsS0FBSyxFQUFFLEtBQUssQ0FBQyxPQUFPO3lCQUNyQjt3QkFDRDs0QkFDRSxJQUFJLEVBQUUsb0JBQW9COzRCQUMxQixLQUFLLEVBQUUsR0FBRyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsaUJBQWlCLENBQUM7eUJBQ2hEO3dCQUNEOzRCQUNFLElBQUksRUFBRSxlQUFlOzRCQUNyQixLQUFLLEVBQUUsR0FBRyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDO3lCQUM1QztxQkFDRjtpQkFDRjthQUNGO1NBQ0YsQ0FBQyxDQUNILENBQUE7UUFFRCxJQUFJLEtBQUssQ0FBQyxxQkFBcUIsSUFBSSxJQUFJLEVBQUUsQ0FBQztZQUN4QyxJQUFJLENBQUMsS0FBSyxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxxQkFBcUIsQ0FBQyxDQUFBO1FBQzNELENBQUM7SUFDSCxDQUFDO0lBRUQsMERBQTBEO0lBQ2xELGtCQUFrQixDQUFDLEdBQWE7O1FBQ3RDLE1BQU0sS0FBSyxHQUFHLEdBQUcsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQyxDQUFBO1FBQ2hDLE1BQU0sUUFBUSxHQUFHLDJCQUEyQixDQUFBO1FBQzVDLE9BQU8sQ0FDTCxNQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDLFFBQVEsQ0FBaUIsbUNBQ2xELElBQUksR0FBRyxDQUFDLE9BQU8sQ0FBQyxLQUFLLEVBQUUsUUFBUSxFQUFFO1lBQy9CLEdBQUc7U0FDSixDQUFDLENBQ0gsQ0FBQTtJQUNILENBQUM7SUFFRCw2REFBNkQ7SUFDckQsNEJBQTRCLENBQUMsR0FBYTs7UUFDaEQsTUFBTSxLQUFLLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsSUFBSSxDQUFDLENBQUE7UUFDaEMsTUFBTSxRQUFRLEdBQUcsa0NBQWtDLENBQUE7UUFDbkQsT0FBTyxDQUNMLE1BQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxZQUFZLENBQUMsUUFBUSxDQUF1QixtQ0FDeEQsSUFBSSxHQUFHLENBQUMsYUFBYSxDQUFDLEtBQUssRUFBRSxRQUFRLEVBQUU7WUFDckMsR0FBRztTQUNKLENBQUMsQ0FDSCxDQUFBO0lBQ0gsQ0FBQztDQUNGO0FBN0dELDhCQTZHQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGNvbnN0cnVjdHMgZnJvbSBcImNvbnN0cnVjdHNcIlxuaW1wb3J0ICogYXMgZWMyIGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtZWMyXCJcbmltcG9ydCAqIGFzIGVjciBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWVjclwiXG5pbXBvcnQgKiBhcyBlY3MgZnJvbSBcImF3cy1jZGstbGliL2F3cy1lY3NcIlxuaW1wb3J0ICogYXMgaWFtIGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtaWFtXCJcbmltcG9ydCAqIGFzIGxvZ3MgZnJvbSBcImF3cy1jZGstbGliL2F3cy1sb2dzXCJcbmltcG9ydCAqIGFzIHMzIGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtczNcIlxuaW1wb3J0ICogYXMgc2ZuIGZyb20gXCJhd3MtY2RrLWxpYi9hd3Mtc3RlcGZ1bmN0aW9uc1wiXG5pbXBvcnQgKiBhcyB0YXNrcyBmcm9tIFwiYXdzLWNkay1saWIvYXdzLXN0ZXBmdW5jdGlvbnMtdGFza3NcIlxuaW1wb3J0ICogYXMgY2RrIGZyb20gXCJhd3MtY2RrLWxpYlwiXG5pbXBvcnQgeyBjZGtEZXBsb3lSb2xlTmFtZSB9IGZyb20gXCIuL2NvbnZlbnRpb25zXCJcblxuaW50ZXJmYWNlIERlcGxveUVudlByb3BzIHtcbiAgYWNjb3VudElkOiBzdHJpbmdcbiAgYWZ0ZXJTdWNjZXNzZnVsRGVwbG95Pzogc2ZuLkNoYWluXG4gIGFydGVmYWN0QnVja2V0OiBzMy5JQnVja2V0XG4gIGVudk5hbWU6IHN0cmluZ1xuICB2cGM6IGVjMi5JVnBjXG59XG5cbmV4cG9ydCBjbGFzcyBEZXBsb3lFbnYgZXh0ZW5kcyBjb25zdHJ1Y3RzLkNvbnN0cnVjdCB7XG4gIHB1YmxpYyBjaGFpbjogc2ZuLkNoYWluXG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IGNvbnN0cnVjdHMuQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogRGVwbG95RW52UHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQpXG5cbiAgICBjb25zdCBjbHVzdGVyID0gdGhpcy5nZXRPckNyZWF0ZUNsdXN0ZXIocHJvcHMudnBjKVxuXG4gICAgLy8gV2UgZG9uJ3QgcmV1c2UgdGhlIHRhc2sgZGVmaW5pdGlvbiBhY3Jvc3MgbXVsdGlwbGUgcGlwZWxpbmVzXG4gICAgLy8gc28gdGhhdCB3ZSBjYW4gZWFzaWVyIGZpbmQgdGhlIGNvcnJlY3QgbG9ncyBmb3IgZWFjaCBwaXBlbGluZS5cblxuICAgIGNvbnN0IHRhc2tEZWZpbml0aW9uID0gbmV3IGVjcy5UYXNrRGVmaW5pdGlvbih0aGlzLCBcIlRhc2tEZWZpbml0aW9uXCIsIHtcbiAgICAgIG1lbW9yeU1pQjogXCIxMDI0XCIsXG4gICAgICBjcHU6IFwiMjU2XCIsXG4gICAgICBjb21wYXRpYmlsaXR5OiBlY3MuQ29tcGF0aWJpbGl0eS5GQVJHQVRFLFxuICAgIH0pXG5cbiAgICBjb25zdCBjb250YWluZXJEZWZpbml0aW9uID0gdGFza0RlZmluaXRpb24uYWRkQ29udGFpbmVyKFwiYXBwXCIsIHtcbiAgICAgIGltYWdlOiBlY3MuQ29udGFpbmVySW1hZ2UuZnJvbUVjclJlcG9zaXRvcnkoXG4gICAgICAgIGVjci5SZXBvc2l0b3J5LmZyb21SZXBvc2l0b3J5QXJuKFxuICAgICAgICAgIHRoaXMsXG4gICAgICAgICAgXCJSZXBvc2l0b3J5XCIsXG4gICAgICAgICAgLy8gU2VlIGh0dHBzOi8vZ2l0aHViLmNvbS9jYXByYWxpZmVjeWNsZS9saWZsaWctY2RrLWRlcGxveWVyXG4gICAgICAgICAgXCJhcm46YXdzOmVjcjpldS13ZXN0LTE6MDAxMTEyMjM4ODEzOnJlcG9zaXRvcnkvaW5jdWItY29tbW9uLWxpZmxpZy1jZGstZGVwbG95ZXJcIixcbiAgICAgICAgKSxcbiAgICAgICAgXCIxLWV4cGVyaW1lbnRhbC4yXCIsXG4gICAgICApLFxuICAgICAgbG9nZ2luZzogZWNzLkxvZ0RyaXZlci5hd3NMb2dzKHtcbiAgICAgICAgbG9nR3JvdXA6IG5ldyBsb2dzLkxvZ0dyb3VwKHRoaXMsIFwiTG9nR3JvdXBcIiwge1xuICAgICAgICAgIHJlbW92YWxQb2xpY3k6IGNkay5SZW1vdmFsUG9saWN5LkRFU1RST1ksXG4gICAgICAgICAgcmV0ZW50aW9uOiBsb2dzLlJldGVudGlvbkRheXMuT05FX01PTlRILFxuICAgICAgICB9KSxcbiAgICAgICAgc3RyZWFtUHJlZml4OiBcImFwcFwiLFxuICAgICAgfSksXG4gICAgfSlcblxuICAgIGNvbnN0IGNka1JvbGUgPSBpYW0uUm9sZS5mcm9tUm9sZUFybihcbiAgICAgIHRoaXMsXG4gICAgICBgQ2RrUm9sZS0ke3Byb3BzLmVudk5hbWV9YCxcbiAgICAgIGBhcm46YXdzOmlhbTo6JHtwcm9wcy5hY2NvdW50SWR9OnJvbGUvJHtjZGtEZXBsb3lSb2xlTmFtZX1gLFxuICAgIClcblxuICAgIGNka1JvbGUuZ3JhbnQodGFza0RlZmluaXRpb24udGFza1JvbGUsIFwic3RzOkFzc3VtZVJvbGVcIilcblxuICAgIHByb3BzLmFydGVmYWN0QnVja2V0LmdyYW50UmVhZCh0YXNrRGVmaW5pdGlvbi50YXNrUm9sZSlcblxuICAgIHRoaXMuY2hhaW4gPSBzZm4uQ2hhaW4uc3RhcnQoXG4gICAgICBuZXcgdGFza3MuRWNzUnVuVGFzayh0aGlzLCBgRGVwbG95ICR7cHJvcHMuZW52TmFtZX1gLCB7XG4gICAgICAgIHJlc3VsdFBhdGg6IHNmbi5Kc29uUGF0aC5ESVNDQVJELFxuICAgICAgICBzZWN1cml0eUdyb3VwczogW3RoaXMuZ2V0T3JDcmVhdGVUYXNrU2VjdXJpdHlHcm91cChwcm9wcy52cGMpXSxcbiAgICAgICAgaW50ZWdyYXRpb25QYXR0ZXJuOiBzZm4uSW50ZWdyYXRpb25QYXR0ZXJuLlJVTl9KT0IsXG4gICAgICAgIGNsdXN0ZXIsXG4gICAgICAgIGFzc2lnblB1YmxpY0lwOiB0cnVlLFxuICAgICAgICBsYXVuY2hUYXJnZXQ6IG5ldyB0YXNrcy5FY3NGYXJnYXRlTGF1bmNoVGFyZ2V0KCksXG4gICAgICAgIHRhc2tEZWZpbml0aW9uLFxuICAgICAgICBjb250YWluZXJPdmVycmlkZXM6IFtcbiAgICAgICAgICB7XG4gICAgICAgICAgICBjb250YWluZXJEZWZpbml0aW9uLFxuICAgICAgICAgICAgZW52aXJvbm1lbnQ6IFtcbiAgICAgICAgICAgICAge1xuICAgICAgICAgICAgICAgIG5hbWU6IFwiQ0RLX1RBUkdFVF9ST0xFX0FSTlwiLFxuICAgICAgICAgICAgICAgIHZhbHVlOiBjZGtSb2xlLnJvbGVBcm4sXG4gICAgICAgICAgICAgIH0sXG4gICAgICAgICAgICAgIHtcbiAgICAgICAgICAgICAgICBuYW1lOiBcIkNES19FTlZfTkFNRVwiLFxuICAgICAgICAgICAgICAgIHZhbHVlOiBwcm9wcy5lbnZOYW1lLFxuICAgICAgICAgICAgICB9LFxuICAgICAgICAgICAgICB7XG4gICAgICAgICAgICAgICAgbmFtZTogXCJDREtfQ0xPVURfQVNTRU1CTFlcIixcbiAgICAgICAgICAgICAgICB2YWx1ZTogc2ZuLkpzb25QYXRoLnN0cmluZ0F0KFwiJC5DbG91ZEFzc2VtYmx5XCIpLFxuICAgICAgICAgICAgICB9LFxuICAgICAgICAgICAgICB7XG4gICAgICAgICAgICAgICAgbmFtZTogXCJDREtfVkFSSUFCTEVTXCIsXG4gICAgICAgICAgICAgICAgdmFsdWU6IHNmbi5Kc29uUGF0aC5zdHJpbmdBdChcIiQuVmFyaWFibGVzXCIpLFxuICAgICAgICAgICAgICB9LFxuICAgICAgICAgICAgXSxcbiAgICAgICAgICB9LFxuICAgICAgICBdLFxuICAgICAgfSksXG4gICAgKVxuXG4gICAgaWYgKHByb3BzLmFmdGVyU3VjY2Vzc2Z1bERlcGxveSAhPSBudWxsKSB7XG4gICAgICB0aGlzLmNoYWluID0gdGhpcy5jaGFpbi5uZXh0KHByb3BzLmFmdGVyU3VjY2Vzc2Z1bERlcGxveSlcbiAgICB9XG4gIH1cblxuICAvLyBSZXVzZSBFQ1MgY2x1c3RlciBmb3IgbXVsdGlwbGUgcGlwZWxpbmVzIGluIHNhbWUgc3RhY2suXG4gIHByaXZhdGUgZ2V0T3JDcmVhdGVDbHVzdGVyKHZwYzogZWMyLklWcGMpOiBlY3MuQ2x1c3RlciB7XG4gICAgY29uc3Qgc3RhY2sgPSBjZGsuU3RhY2sub2YodGhpcylcbiAgICBjb25zdCB1bmlxdWVJZCA9IFwicGlwZWxpbmUuMDRhZDM2YjEuY2x1c3RlclwiXG4gICAgcmV0dXJuIChcbiAgICAgIChzdGFjay5ub2RlLnRyeUZpbmRDaGlsZCh1bmlxdWVJZCkgYXMgZWNzLkNsdXN0ZXIpID8/XG4gICAgICBuZXcgZWNzLkNsdXN0ZXIoc3RhY2ssIHVuaXF1ZUlkLCB7XG4gICAgICAgIHZwYyxcbiAgICAgIH0pXG4gICAgKVxuICB9XG5cbiAgLy8gUmV1c2Ugc2VjdXJpdHkgZ3JvdXAgZm9yIG11bHRpcGxlIHBpcGVsaW5lcyBpbiBzYW1lIHN0YWNrLlxuICBwcml2YXRlIGdldE9yQ3JlYXRlVGFza1NlY3VyaXR5R3JvdXAodnBjOiBlYzIuSVZwYyk6IGVjMi5TZWN1cml0eUdyb3VwIHtcbiAgICBjb25zdCBzdGFjayA9IGNkay5TdGFjay5vZih0aGlzKVxuICAgIGNvbnN0IHVuaXF1ZUlkID0gXCJwaXBlbGluZS4wNGFkMzZiMS5zZWN1cml0eS1ncm91cFwiXG4gICAgcmV0dXJuIChcbiAgICAgIChzdGFjay5ub2RlLnRyeUZpbmRDaGlsZCh1bmlxdWVJZCkgYXMgZWMyLlNlY3VyaXR5R3JvdXApID8/XG4gICAgICBuZXcgZWMyLlNlY3VyaXR5R3JvdXAoc3RhY2ssIHVuaXF1ZUlkLCB7XG4gICAgICAgIHZwYyxcbiAgICAgIH0pXG4gICAgKVxuICB9XG59XG4iXX0=

package/lib/pipelines/index.d.ts

@@ -0,0 +1,2 @@
+export { LifligCdkDeployerDeps, LifligCdkDeployerDepsProps, } from "./liflig-cdk-deployer-deps";
+export { Pipeline, PipelineEnvironment, PipelineProps } from "./pipeline";

package/lib/pipelines/index.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Pipeline = exports.LifligCdkDeployerDeps = void 0;
+var liflig_cdk_deployer_deps_1 = require("./liflig-cdk-deployer-deps");
+Object.defineProperty(exports, "LifligCdkDeployerDeps", { enumerable: true, get: function () { return liflig_cdk_deployer_deps_1.LifligCdkDeployerDeps; } });
+var pipeline_1 = require("./pipeline");
+Object.defineProperty(exports, "Pipeline", { enumerable: true, get: function () { return pipeline_1.Pipeline; } });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvcGlwZWxpbmVzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLHVFQUdtQztBQUZqQyxpSUFBQSxxQkFBcUIsT0FBQTtBQUd2Qix1Q0FBeUU7QUFBaEUsb0dBQUEsUUFBUSxPQUFBIiwic291cmNlc0NvbnRlbnQiOlsiZXhwb3J0IHtcbiAgTGlmbGlnQ2RrRGVwbG95ZXJEZXBzLFxuICBMaWZsaWdDZGtEZXBsb3llckRlcHNQcm9wcyxcbn0gZnJvbSBcIi4vbGlmbGlnLWNkay1kZXBsb3llci1kZXBzXCJcbmV4cG9ydCB7IFBpcGVsaW5lLCBQaXBlbGluZUVudmlyb25tZW50LCBQaXBlbGluZVByb3BzIH0gZnJvbSBcIi4vcGlwZWxpbmVcIlxuIl19

package/lib/pipelines/liflig-cdk-deployer-deps.d.ts

@@ -0,0 +1,13 @@
+import * as constructs from "constructs";
+export interface LifligCdkDeployerDepsProps {
+    trustedAccountIds: string[];
+}
+/**
+ * Resources needed so liflig-cdk-deployer can deploy to the account.
+ *
+ * This must exist in each target account that the pipeline should
+ * be able to deploy into.
+ */
+export declare class LifligCdkDeployerDeps extends constructs.Construct {
+    constructor(scope: constructs.Construct, id: string, props: LifligCdkDeployerDepsProps);
+}

package/lib/pipelines/liflig-cdk-deployer-deps.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LifligCdkDeployerDeps = void 0;
+const constructs = require("constructs");
+const iam = require("aws-cdk-lib/aws-iam");
+const cdk = require("aws-cdk-lib");
+const conventions_1 = require("./conventions");
+/**
+ * Resources needed so liflig-cdk-deployer can deploy to the account.
+ *
+ * This must exist in each target account that the pipeline should
+ * be able to deploy into.
+ */
+class LifligCdkDeployerDeps extends constructs.Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        const account = cdk.Stack.of(this).account;
+        // The role used when running "cdk deploy".
+        const cdkRole = new iam.Role(this, "CdkRole", {
+            roleName: conventions_1.cdkDeployRoleName,
+            assumedBy: new iam.CompositePrincipal(...props.trustedAccountIds.map((it) => new iam.AccountPrincipal(it))),
+        });
+        // Roles used by CDK CLI for the actual deployment.
+        // (For use under new-style synthesize.)
+        cdkRole.addToPolicy(new iam.PolicyStatement({
+            actions: ["sts:AssumeRole"],
+            resources: [
+                `arn:aws:iam::${account}:role/*-deploy-role-*`,
+                `arn:aws:iam::${account}:role/*-publishing-role-*`,
+            ],
+        }));
+    }
+}
+exports.LifligCdkDeployerDeps = LifligCdkDeployerDeps;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibGlmbGlnLWNkay1kZXBsb3llci1kZXBzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL3BpcGVsaW5lcy9saWZsaWctY2RrLWRlcGxveWVyLWRlcHMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEseUNBQXdDO0FBQ3hDLDJDQUEwQztBQUMxQyxtQ0FBa0M7QUFDbEMsK0NBQWlEO0FBTWpEOzs7OztHQUtHO0FBQ0gsTUFBYSxxQkFBc0IsU0FBUSxVQUFVLENBQUMsU0FBUztJQUM3RCxZQUNFLEtBQTJCLEVBQzNCLEVBQVUsRUFDVixLQUFpQztRQUVqQyxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFBO1FBRWhCLE1BQU0sT0FBTyxHQUFHLEdBQUcsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQyxDQUFDLE9BQU8sQ0FBQTtRQUUxQywyQ0FBMkM7UUFDM0MsTUFBTSxPQUFPLEdBQUcsSUFBSSxHQUFHLENBQUMsSUFBSSxDQUFDLElBQUksRUFBRSxTQUFTLEVBQUU7WUFDNUMsUUFBUSxFQUFFLCtCQUFpQjtZQUMzQixTQUFTLEVBQUUsSUFBSSxHQUFHLENBQUMsa0JBQWtCLENBQ25DLEdBQUcsS0FBSyxDQUFDLGlCQUFpQixDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsRUFBRSxFQUFFLENBQUMsSUFBSSxHQUFHLENBQUMsZ0JBQWdCLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FDckU7U0FDRixDQUFDLENBQUE7UUFFRixtREFBbUQ7UUFDbkQsd0NBQXdDO1FBQ3hDLE9BQU8sQ0FBQyxXQUFXLENBQ2pCLElBQUksR0FBRyxDQUFDLGVBQWUsQ0FBQztZQUN0QixPQUFPLEVBQUUsQ0FBQyxnQkFBZ0IsQ0FBQztZQUMzQixTQUFTLEVBQUU7Z0JBQ1QsZ0JBQWdCLE9BQU8sdUJBQXVCO2dCQUM5QyxnQkFBZ0IsT0FBTywyQkFBMkI7YUFDbkQ7U0FDRixDQUFDLENBQ0gsQ0FBQTtJQUNILENBQUM7Q0FDRjtBQTlCRCxzREE4QkMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgKiBhcyBjb25zdHJ1Y3RzIGZyb20gXCJjb25zdHJ1Y3RzXCJcbmltcG9ydCAqIGFzIGlhbSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWlhbVwiXG5pbXBvcnQgKiBhcyBjZGsgZnJvbSBcImF3cy1jZGstbGliXCJcbmltcG9ydCB7IGNka0RlcGxveVJvbGVOYW1lIH0gZnJvbSBcIi4vY29udmVudGlvbnNcIlxuXG5leHBvcnQgaW50ZXJmYWNlIExpZmxpZ0Nka0RlcGxveWVyRGVwc1Byb3BzIHtcbiAgdHJ1c3RlZEFjY291bnRJZHM6IHN0cmluZ1tdXG59XG5cbi8qKlxuICogUmVzb3VyY2VzIG5lZWRlZCBzbyBsaWZsaWctY2RrLWRlcGxveWVyIGNhbiBkZXBsb3kgdG8gdGhlIGFjY291bnQuXG4gKlxuICogVGhpcyBtdXN0IGV4aXN0IGluIGVhY2ggdGFyZ2V0IGFjY291bnQgdGhhdCB0aGUgcGlwZWxpbmUgc2hvdWxkXG4gKiBiZSBhYmxlIHRvIGRlcGxveSBpbnRvLlxuICovXG5leHBvcnQgY2xhc3MgTGlmbGlnQ2RrRGVwbG95ZXJEZXBzIGV4dGVuZHMgY29uc3RydWN0cy5Db25zdHJ1Y3Qge1xuICBjb25zdHJ1Y3RvcihcbiAgICBzY29wZTogY29uc3RydWN0cy5Db25zdHJ1Y3QsXG4gICAgaWQ6IHN0cmluZyxcbiAgICBwcm9wczogTGlmbGlnQ2RrRGVwbG95ZXJEZXBzUHJvcHMsXG4gICkge1xuICAgIHN1cGVyKHNjb3BlLCBpZClcblxuICAgIGNvbnN0IGFjY291bnQgPSBjZGsuU3RhY2sub2YodGhpcykuYWNjb3VudFxuXG4gICAgLy8gVGhlIHJvbGUgdXNlZCB3aGVuIHJ1bm5pbmcgXCJjZGsgZGVwbG95XCIuXG4gICAgY29uc3QgY2RrUm9sZSA9IG5ldyBpYW0uUm9sZSh0aGlzLCBcIkNka1JvbGVcIiwge1xuICAgICAgcm9sZU5hbWU6IGNka0RlcGxveVJvbGVOYW1lLFxuICAgICAgYXNzdW1lZEJ5OiBuZXcgaWFtLkNvbXBvc2l0ZVByaW5jaXBhbChcbiAgICAgICAgLi4ucHJvcHMudHJ1c3RlZEFjY291bnRJZHMubWFwKChpdCkgPT4gbmV3IGlhbS5BY2NvdW50UHJpbmNpcGFsKGl0KSksXG4gICAgICApLFxuICAgIH0pXG5cbiAgICAvLyBSb2xlcyB1c2VkIGJ5IENESyBDTEkgZm9yIHRoZSBhY3R1YWwgZGVwbG95bWVudC5cbiAgICAvLyAoRm9yIHVzZSB1bmRlciBuZXctc3R5bGUgc3ludGhlc2l6ZS4pXG4gICAgY2RrUm9sZS5hZGRUb1BvbGljeShcbiAgICAgIG5ldyBpYW0uUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgYWN0aW9uczogW1wic3RzOkFzc3VtZVJvbGVcIl0sXG4gICAgICAgIHJlc291cmNlczogW1xuICAgICAgICAgIGBhcm46YXdzOmlhbTo6JHthY2NvdW50fTpyb2xlLyotZGVwbG95LXJvbGUtKmAsXG4gICAgICAgICAgYGFybjphd3M6aWFtOjoke2FjY291bnR9OnJvbGUvKi1wdWJsaXNoaW5nLXJvbGUtKmAsXG4gICAgICAgIF0sXG4gICAgICB9KSxcbiAgICApXG4gIH1cbn1cbiJdfQ==

package/lib/pipelines/pipeline.d.ts

@@ -0,0 +1,78 @@
+import * as constructs from "constructs";
+import * as ec2 from "aws-cdk-lib/aws-ec2";
+import * as s3 from "aws-cdk-lib/aws-s3";
+import * as sfn from "aws-cdk-lib/aws-stepfunctions";
+export interface PipelineProps {
+    /**
+     * Bucket holding pipeline configuration and trigger file.
+     *
+     * @default - use existing bucket based on Griid conventions
+     */
+    artifactsBucket?: s3.IBucket;
+    /**
+     * Environments for this pipeline. Each environment is deployed sequentially
+     * in the order given.
+     */
+    environments: PipelineEnvironment[];
+    /**
+     * Name of pipeline. This is used for the path where configuration
+     * is stored in S3.
+     */
+    pipelineName: string;
+    /**
+     * Trigger the pipeline when the trigger file is written.
+     *
+     * @default - true
+     */
+    triggerEnabled?: boolean;
+    /**
+     * VPC used for Fargate resources.
+     */
+    vpc: ec2.IVpc;
+}
+export interface PipelineEnvironment {
+    /**
+     * Account number hosting the environment.
+     */
+    accountId: string;
+    /**
+     * Additional tasks to run after the environment has been deployed.
+     */
+    afterSuccessfulDeploy?: sfn.Chain;
+    /**
+     * Name of environment.
+     */
+    name: string;
+}
+/**
+ * Pipeline for doing a multi-account CDK deployment based
+ * on a built CDK Cloud Assembly and parameters stored in S3.
+ *
+ * The accounts being deployed to must be provisioned with
+ * the LifligCdkDeployerDeps construct so expected IAM
+ * roles is present.
+ *
+ * The pipeline starts by writing an empty file to
+ * s3://<artifacts-bucket>/pipelines/<pipeline-name>/trigger
+ *
+ * The CDK deploy process is handled by liflig-cdk-deployer.
+ * See https://github.com/capralifecycle/liflig-cdk-deployer
+ *
+ * Configuration files are read from S3 at the path
+ * s3://<artifacts-bucket>/pipelines/<pipeline-name>/
+ *
+ *  - cloud-assembly.json which has the format described as
+ *    CDK_CLOUD_ASSEMBLY in liflig-cdk-deployer
+ *
+ *  - variables*.json which can be zero or more files
+ *    with string-string map that will be concatenated to
+ *    form the format described as CDK_VARIABLES in
+ *    liflig-cdk-deployer
+ *
+ * The separation of Cloud Assembly details and variables enables
+ * separation of IaC code and application code if they are not
+ * colocated in the same repository.
+ */
+export declare class Pipeline extends constructs.Construct {
+    constructor(scope: constructs.Construct, id: string, props: PipelineProps);
+}